Fix Firefox deploy script

.gitlab-ci.yml

@@ -54,9 +54,9 @@ firefox:
   interruptible: false
   script:
     - VERSION=${CI_COMMIT_REF_NAME:1}
+    - JWT=$(node utils/make_jwt.js $FIREFOX_JWT_ISSUER $FIREFOX_JWT_SECRET)
     - >
       curl "https://addons.mozilla.org/api/v4/addons/${FIREFOX_EXTENSION_ID}/versions/${VERSION}/" \
-        -g -XPUT --form "upload=@renewedtab.zip" \
-        -H "Authorization: JWT ${FIREFOX_JWT_SECRET}"
+        -g -XPUT --form "upload=@renewedtab.zip" -H "Authorization: JWT ${JWT}"
   only:
     - tags

package-lock.json

@@ -22,6 +22,7 @@
 				"express": "^4.17.1",
 				"html-webpack-plugin": "^5.2.0",
 				"mini-css-extract-plugin": "^1.3.9",
+				"njwt": "^1.0.0",
 				"node-fetch": "^2.6.1",
 				"node-sass": "^5.0.0",
 				"nodemon": "^2.0.7",
@@ -3856,7 +3857,6 @@
 			"version": "1.0.11",
 			"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
 			"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
-			"dev": true,
 			"dependencies": {
 				"safe-buffer": "^5.0.1"
 			}
@@ -7622,6 +7622,15 @@
 			"integrity": "sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ==",
 			"dev": true
 		},
+		"node_modules/njwt": {
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/njwt/-/njwt-1.0.0.tgz",
+			"integrity": "sha512-n+FaPUauVQF/So+YcOACBb/zCxDH5WlCV3dTrX0u7VMGagjDiI39XRJWaPd2PtpT6IpIQUcd7x0twiRZaIQNDQ==",
+			"dependencies": {
+				"ecdsa-sig-formatter": "^1.0.5",
+				"uuid": "^3.3.2"
+			}
+		},
 		"node_modules/no-case": {
 			"version": "3.0.4",
 			"resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz",
@@ -16194,7 +16203,6 @@
 			"version": "1.0.11",
 			"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
 			"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
-			"dev": true,
 			"requires": {
 				"safe-buffer": "^5.0.1"
 			}
@@ -19129,6 +19137,15 @@
 			"integrity": "sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ==",
 			"dev": true
 		},
+		"njwt": {
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/njwt/-/njwt-1.0.0.tgz",
+			"integrity": "sha512-n+FaPUauVQF/So+YcOACBb/zCxDH5WlCV3dTrX0u7VMGagjDiI39XRJWaPd2PtpT6IpIQUcd7x0twiRZaIQNDQ==",
+			"requires": {
+				"ecdsa-sig-formatter": "^1.0.5",
+				"uuid": "^3.3.2"
+			}
+		},
 		"no-case": {
 			"version": "3.0.4",
 			"resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz",

package.json

@@ -41,6 +41,7 @@
 		"express": "^4.17.1",
 		"html-webpack-plugin": "^5.2.0",
 		"mini-css-extract-plugin": "^1.3.9",
+		"njwt": "^1.0.0",
 		"node-fetch": "^2.6.1",
 		"node-sass": "^5.0.0",
 		"nodemon": "^2.0.7",

utils/check_jwt.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+echo "Signing JWT"
+
+JWT=$(node utils/make_jwt.js $1 $2)
+
+curl -o - "https://addons.mozilla.org/api/v5/accounts/profile/" \
+     -H "Authorization: JWT $JWT"

utils/make_jwt.js

@@ -0,0 +1,10 @@
+const jwt = require('njwt');
+
+const issuer = process.argv[2];
+const secret = process.argv[3];
+
+// console.info(`Creating JWT for ${issuer} with secret ${secret}`);
+
+const token = jwt.create({ iss: issuer }, secret);
+token.setExpiration(new Date().getTime() + 60*1000);
+console.log(token.compact());